Operational Resilience
Operational Resilience has received increased regulatory scrutiny with the release of the joint discussion paper by the Bank of England, Financial Conduct Authority and the Prudential Regulatory Authority in July 2018. A clear statement from the regulators that the continued failure of organisations through neglect or oversight to implement strong Operational Resilience controls was no longer acceptable in light of the evident harm caused to consumers and markets.
The regulators are now close to releasing a final Policy Statement which, once delivered, we expect to set the clock running for firms. Inaction will no longer be an option and we anticipate firms will need to be substantively ’complete’ by the end of this year.
Firms must look at their Operational Resilience and ensure that they take action to minimise the risk of harm to customers arising through interruptions to Important Business Services. The approach will need to consider:
- Governance framework and controls
- Identification of ‘Important Business Services’
- Mapping of business services and vulnerabilities
- Identification of scenarios and scenario testing
- Impact tolerance setting and statements
- Assessment of third-party service providers
It is important that firms recognise the distinction between the regulator’s approach to Operational Risks and other elements of business management. Specifically, the process of building Operational Resilience is not covered by existing plans for:
- Business continuity planning;
- Disaster recovery plans;
- Operational risk frameworks.
Now is the time to begin taking action on your own firm’s Operational Resilience planning, if you have not already started the process.
Kenneth Underhill’s webinar: “An Introduction to Operational Resilience” is available to watch on our YouTube channel. It is the first in a series of webinars on the subject, all available to watch on YouTube.
Operational Resilience – Regulatory Timeline
The joint discussion paper issued by the Bank of England, Financial Conduct Authority and the Prudential Regulatory Authority in July 2018 started the current work on Operational Resilience. Take a look at our expanded regulatory timeline for a full list of key dates, including links to all the main consultation papers, discussion papers and policy statements that have been issued.
Operational Resilience—The ICSR Approach
Operational Resilience will be a living and breathing process requiring continual oversight and change. It will require firms to undertake a considerable project to create and embed the necessary processes. We do not anticipate significant change to current policy guidance and our experience suggests that fully completing a programme of work and embedding Operational Resilience into your operating model will take 6-12 months depending on scope and resources.
There are two resourcing approaches to the work, which can be carried out in stages to assist with client planning:
- An advice only approach;
- An advice, support and validation model with design, test and implementation phases for the operational resilience framework, along with the training necessary for the client’s own staff to take responsibility for the ongoing management of the framework.
Our approach will be based on your business models and the outcome of proof of concept testing.
ICSR can provide the resources necessary to support either model, including SMEs, Business Analysts, Programme Managers and IT expertise.
Latest News: Operational Resilience
Our team have produced a number of articles on the subject of Operational Resilience. The most recent are shown below. To see all articles on the subject, please click here to go to our news page.
ICSR Horizons Q3 2024: Our Quarterly Report For Senior Leaders
The latest edition of Horizons, our quarterly report for senior leaders across compliance, risk and regulatory roles within insurance firms is now available. You can download your copy of Horizons here.This edition covers:IntroductionThe Longer-term HorizonQ3 2024...
Operational Resilience – The Final Furlong Towards Implementation
In March 2021, the PRA and FCA issued their joint final supervisory statements related to firms’ demonstration of Operational Resilience (SS2/21 and PS21/3). Learning lessons of the fallout from TSB’s technical issues related to its IT systems and data migration...
PRA Business Plan: An Agenda For (International) Growth?
The PRA published its business plan earlier in April and as with the FCA, there is unsurprisingly quite a significant focus on how it will deliver its new growth objectives now these are formally in place. As Sam Woods says in the foreword, it will be the first full...
Our Experience
ICSR has already helped a number of firms formulate their approach and undertake the necessary work. We have been able to build a team with unrivalled experience and expertise in Operational Resilience, the methodologies which can be adopted, and the documentation and governance structures required to complete an operating framework.
Case Studies: Operational Resilience
ICSR has carried out a number of assignments helping clients with their Operational Resilience planning.
Key Contact
Please get in touch if you want to discuss your own approach to Operational Resilience.